Polygon zkEVM Security Measures: The Journey Toward a Safe, Decentralized Mainnet Beta

March 20, 2023
Polygon Solutions
Image source: Dribbble

Polygon Labs’ highest priority is security. Now that Polygon zkEVM has been battle-tested over the course of successive testnets, it’s nearly ready for a Mainnet Beta release. That doesn’t, however, mean it’s ready to be released without any guardrails in place. Polygon zkEVM Mainnet Beta will be released with a set of security features that will evolve over stages and will pave the way for the ultimate goal of decentralization.

There’s no such thing as a truly innovative technology that carries no risks at launch. That’s why we are launching Polygon zkEVM Mainnet Beta with “limited training wheels,” according to Vitalik’s useful taxonomy of rollup milestones.  

As Mainnet Beta goes on, the goal is to reach stage two: “No training wheels,” in Vitalik’s formulation. This second stage will bring Polygon zkEVM closer to its goal of decentralization. 

Polygon Labs recognizes that it’s important to get this right and to communicate with the Ethereum community about what exactly the core team is doing and the Polygon zkEVM roadmap to greater decentralization. 

Stage 1 - Mainnet Beta Launch: Limited training wheels 

During the stage one of Polygon zkEVM Mainnet Beta, there will be a few major goals: 

✅ Gain experience and network maturity in preparation for the transition to stage two–i.e., no training wheels, censorship resistant network

✅ Try out smart contracts in a Mainnet Beta environment (inevitably different than a testnet)

✅ Document user and dev experiences

✅ Allow code reviewers to participate in the bug bounty program

✅ Complete further audits

The security features are as follows: 

  1. Appointment of a Security Council multisig who can perform emergency upgrades. Polygon zkEVM’s Security Council is a 4/7 multisig made up of highly reputable members of the Ethereum community. The Security Council can act quickly in case of security risk.
  2. Polygon zkEVM can, in this first stage, be upgraded with no time lock if the Security Council considers there is a security threat. This is necessary so that the core devs can address any major issues that could arise at this early stage, when the uncertainty about possible vulnerabilities is greatest.
  3. A bug bounty program will be in place starting at Mainnet Beta launch; this program will continue throughout the different stages.  
  4. And finally, during stage one, the ability to force transactions to Ethereum L1 will not be enabled immediately–but it will be enabled within a month after launch. First on the ongoing testnet and, later, on mainnet.

Stage 2 - No training wheels 

After a certain period of time in stage one, Polygon zkEVM will have its training wheels removed in accordance with the criteria established by Vitalik for stage two:  “In the event that code does not have bugs, there must not be any group of actors that can, even unanimously, post a state root other than the output of the code.” 

In order to reach this stage, Polygon zkEVM will have to have reached an optimal level of network maturity after a few months running, and it will also be necessary for no critical bugs  to have been reported within a period of 3-6 months. Only once these hurdles have been cleared will the training wheels be further loosened.  The following next steps will complete the transition to stage two: 

  1. Full implementation of forced transactions to L1. In other words, users will have the ability to force their transactions to L1 if something goes wrong with Polygon zkEVM, including a failing of the trusted sequencer. Implementing this feature will give Polygon zkEVM censorship resistance.
  2. The Emergency Halt Switch will be removed, meaning that there will no longer be a Security Council that could upgrade Polygon zkEVM without a timelock.
  3. Upgrades are still allowed, but with a timelock of >= 30 days.

Polygon zkEVM makes one major departure from Vitalik’s criteria for the conditions under which a Security Council could assert itself: The rollup does not use “two or more provers.” As of now, Polygon zkEVM  uses only a single prover. At this time, the core team believes this is the most practical approach, for a number of technical reasons, including the probability that two provers implemented by the same team would include the same mistakes in both. And two provers built by different teams are unlikely to be interoperable to a degree sufficient to mitigate risks beyond the measures being implemented and discussed here. 

Based on the features above, stage two of Polygon zkEVM will achieve censorship-resistance. This means that nothing, including the centralized sequencer and aggregator, can gain access to user funds or lock up such funds.

Fine-Tuning on the Road to Decentralization

These are the measures designed to protect Mainnet Beta devs and users as this bleeding-edge technology is fine-tuned in what will be, for the time being, a relatively centralized state. Polygon zkEVM’s core team is aiming to achieve a higher degree of decentralization in the future. For now, it makes sense to sacrifice a certain amount of decentralization in favor of greater user security.

Polygon zkEVM is nearly ready for Mainnet Beta because it’s the leading source-available, EVM-equivalent zkEVM, it’s been rigorously audited, and it’s passing the relevant vectors in the Ethereum test suite. The schema outlined above is the best way to help protect users. Polygon Labs looks forward to discussing the details of this approach at the Ethereum Magicians Forum.

A Request to the Ethereum Community

Polygon Labs would also like to ask the Ethereum Community to please use Polygon zkEVM responsibly, with an awareness that it’s an emerging technology with imperfections. Polygon zkEVM Mainnet Beta is a crucial moment for Ethereum–a major step forward on the most important adventure in Web3. Scaling Ethereum is a community effort. We all have to work together on our journey to the frontiers of Web3. 


For a comprehensive resource on Polygon zkEVM, check out the documentation wiki. And if you’re interested in (or perplexed by) Zero Knowledge, follow Polygon’s dedicated ZK handle, @0xPolygon, and head over to our ZK forum

Website | Twitter | Developer Twitter | Telegram | Reddit | Discord | Instagram | Facebook | LinkedIn

Polygon Solutions News
Polygon zkEVM

More from blogs

April 25, 2024
Aggregation

How the AggLayer Unlocks a New Age of Blockchain Economics

April 23, 2024
Aggregation

The Beginner’s Guide to Aggregated Blockchains

April 18, 2024
Aggregation

Union Brings Cosmos to the AggLayer

April 16, 2024
Aggregation

OKX Launches X Layer, Built with Polygon CDK, Enabling 50M+ Users to Tap Unified Liquidity of the AggLayer

April 15, 2024
Polygon News

Polygon Labs Awarded ISO 27001 Certification, the Gold Standard of Compliance for Information Security Management Systems

April 11, 2024
Polygon News

Introducing the Polygon Community Treasury Board and Governance Framework

April 4, 2024
Aggregation

WTF is Polygon?

April 1, 2024
Polygon CDK

Moonveil Building Dedicated Chain with Polygon CDK to Level Up Web3 Gaming, with Focus on an Aggregated Ecosystem

March 28, 2024
Polygon CDK

Tutorial: Launch a Custom Native Gas Token for a Polygon CDK Chain

March 27, 2024
Polygon Solutions

Polygon PoS is Cooking: The Napoli Upgrade Means Better UX; the Mumbai Testnet Takes a Bow

March 26, 2024
Case Studies

FraXion Tokenizes Institutional-Grade Real Estate to Lower Barriers to Entry—and Helps Underserved Small Businesses Raise Capital

March 21, 2024
Developers

Build Better with dApp Launchpad, Now Live

March 19, 2024
Institutional

Libre Is Live and Putting TradFi on Blockchain Wheels with Access to Funds from Brevan Howard and BlackRock

March 18, 2024
Community

Phase One of Native USDC Migration on Polygon PoS Is Underway

March 15, 2024
Case Studies

Miden Pioneers: How Rize Labs is Building Fairness into Online Poker with Aze